{"id":11312,"date":"2013-07-10T12:50:50","date_gmt":"2013-07-10T16:50:50","guid":{"rendered":"http:\/\/carleton.ca\/financialservices\/?page_id=11312"},"modified":"2025-07-02T11:34:50","modified_gmt":"2025-07-02T15:34:50","slug":"credit-cards-and-pci-compliance","status":"publish","type":"page","link":"https:\/\/carleton.ca\/financialservices\/business-operations\/credit-cards-and-pci-compliance\/","title":{"rendered":"Credit Cards and PCI Compliance"},"content":{"rendered":"<h1>Credit Cards and Payment Card Industry (PCI)<br \/>\nCompliance<\/h1>\n<p>All Carleton University departments that accept credit card payments must process those payments in a manner compliant with the Payment Card Industry Data Security Standard (PCI DSS).\u00a0These requirements were developed by the founders of the <a href=\"https:\/\/www.pcisecuritystandards.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">PCI Security Standards Council<\/a>, which include American Express, Visa International Inc., MasterCard Worldwide and Discover Financial Services.<\/p>\n<p><strong>Compliance with PCI DSS is not optional<\/strong>.\u00a0 Compliance protects Carleton University from adverse financial consequences and ensures the University&#8217;s excellent reputation.<\/p>\n<p>Please also note that Carleton University has <strong>one vendor of choice for processing credit\/debit card transactions<\/strong>. All payment solutions must use this vendor for financial transaction processing. 
Contact <a href=\"m&#97;&#x69;&#x6c;t&#111;&#58;&#x50;&#x43;I&#67;&#111;&#x6d;&#x70;l&#105;&#x61;&#x6e;&#x63;e&#64;&#x43;&#x61;r&#108;&#101;&#x74;&#x6f;n&#46;&#99;&#x61;\">&#x50;&#67;&#73;C&#x6f;&#x6d;&#112;l&#x69;&#x61;&#110;c&#x65;&#x40;&#67;a&#x72;&#x6c;&#101;t&#x6f;&#x6e;&#46;c&#x61;<\/a> for more information.<\/p>\n<p>On this page you will find the following information:<\/p>\n<ul>\n<li><a href=\"#merchant\">Merchant Responsibilities<\/a><img decoding=\"async\" loading=\"lazy\" class=\"alignright wp-image-11336\" src=\"http:\/\/carleton.ca\/financialservices\/wp-content\/uploads\/shutterstock_51417604-400x266.jpg\" alt=\"woman passing over a credit card\" width=\"247\" height=\"164\" srcset=\"https:\/\/carleton.ca\/financialservices\/wp-content\/uploads\/shutterstock_51417604-400x266.jpg 400w, https:\/\/carleton.ca\/financialservices\/wp-content\/uploads\/shutterstock_51417604-50x33.jpg 50w, https:\/\/carleton.ca\/financialservices\/wp-content\/uploads\/shutterstock_51417604-125x83.jpg 125w, https:\/\/carleton.ca\/financialservices\/wp-content\/uploads\/shutterstock_51417604-944x629.jpg 944w, https:\/\/carleton.ca\/financialservices\/wp-content\/uploads\/shutterstock_51417604-660x440.jpg 660w, https:\/\/carleton.ca\/financialservices\/wp-content\/uploads\/shutterstock_51417604-480x320.jpg 480w, https:\/\/carleton.ca\/financialservices\/wp-content\/uploads\/shutterstock_51417604.jpg 1000w\" sizes=\"(max-width: 247px) 100vw, 247px\" \/><\/li>\n<li><a href=\"#storage\">Storage and Access of Cardholder Data<\/a><\/li>\n<li><a href=\"#training\">Training<\/a><\/li>\n<li><a href=\"https:\/\/carleton.ca\/financialservices\/cardholder-data-security-incident-response-plan\/\">Security Incident Response Plan &#8211; PDF version<\/a><\/li>\n<li><a href=\"#resources\">Resources<\/a><\/li>\n<\/ul>\n<h2><a name=\"merchant\"><\/a>Merchant Responsibilities<\/h2>\n<p>Below is a high level summary of responsibilities to help merchants gain confidence in achieving mandatory PCI 
compliance.\u00a0 For a detailed account, please read the <a href=\"https:\/\/carleton.ca\/financialservices\/wp-content\/uploads\/PaymentCardProcessingManual.pdf\" target=\"_blank\" rel=\"noopener\">Payment Card Processing Manual<\/a>.<\/p>\n<h3>In General:<\/h3>\n<div class=\"columns\"><div class=\"columns__two\"><ul>\n<li>The ongoing protection of cardholder data<\/li>\n<li>Awareness of and adherence to the standards and directives outlined in the Cardholder Data Handling Policy\/Protocol<\/li>\n<li>Ensuring that safeguards designed to protect cardholder data are not tampered with or modified<\/li>\n<\/ul><\/div>\n<div class=\"columns__two\"><ul>\n<li>Immediately <a href=\"#security\">reporting suspected security breaches<\/a> to Business Operations, Financial Services<\/li>\n<li>Completing an annual PCI self-assessment questionnaire<\/li>\n<li>Obtaining guidance from Business Operations when making any changes to credit\/debit card processing<\/li>\n<\/ul><\/div><\/div>\n<h3>Staff\/Training:<\/h3>\n<div class=\"columns\"><div class=\"columns__two\"><ul>\n<li>Completing <a href=\"http:\/\/carleton.ca\/facts\/payment-card-industry-pci-compliance\/\">annual eLearning course<\/a> on cardholder data protection standards and practices<\/li>\n<\/ul><\/div>\n<div class=\"columns__two\"><ul>\n<li>Ensuring all staff complete training prior to accessing cardholder data<\/li>\n<\/ul><\/div><\/div>\n<h3>Collection\/Processing of Cardholder Data:<\/h3>\n<div class=\"columns\"><div class=\"columns__two\"><ul>\n<li>Being aware of which cardholder data may be collected and for what purpose<\/li>\n<li>Processing web-based payments using a PCI-compliant provider approved by Business Operations<\/li>\n<li>Obtaining formal approval from Business Operations prior to processing when the card\/customer are not present (other than via an approved e-commerce solution)<\/li>\n<li>Following best practice to never accept cardholder data via email<\/li>\n<\/ul><\/div>\n<div 
class=\"columns__two\"><ul>\n<li>Adhering to the strict protocols outlined in the cardholder policy if a business purpose exists requiring use of telephone or fax to collect cardholder information<\/li>\n<li>Restricting access to areas where cardholder data is processed<\/li>\n<li>Configuring 20\/20 terminals to be PCI compliant<\/li>\n<li>Using a single purpose workstation that has been configured for PCI compliance when using a virtual terminal<\/li>\n<\/ul><\/div><\/div>\n<h3>Storage of Cardholder Data:<\/h3>\n<div class=\"columns\"><div class=\"columns__two\"><ul>\n<li>Remaining cognizant of what data may be stored and what must be destroyed immediately<\/li>\n<li>Retaining physical copies of cardholder data only as long as there is a valid business purpose<\/li>\n<li>Masking card numbers on printed receipts and stored documents<\/li>\n<li>Locking physical copies of cardholder data in a secure area<\/li>\n<\/ul><\/div>\n<div class=\"columns__two\"><ul>\n<li>Restricting and monitoring access to areas where cardholder data is stored<\/li>\n<li>Ensuring cardholder data is not stored in electronic format (laptops, flash drives, etc.)<\/li>\n<li>Maintaining an inventory log of all media containing cardholder data<\/li>\n<li>Properly destroying all cardholder data in a timely manner, including a quarterly review<\/li>\n<\/ul><\/div><\/div>\n<h2><a name=\"storage\"><\/a>Storage and Access of Cardholder Data<\/h2>\n<table class=\"cutable\" style=\"width: 100%;\" border=\"0\">\n<tbody>\n<tr>\n<td style=\"width: 29.7165%;\"><\/td>\n<td style=\"width: 29.7165%;\"><strong>Data Element<\/strong><\/td>\n<td style=\"width: 18.6706%; text-align: center;\"><strong>Storage Permitted (while a business need exists)<br \/>\n<\/strong><\/td>\n<td style=\"width: 20.7234%; text-align: center;\"><strong>Render Stored Account Data Unreadable<br \/>\n<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 29.7165%;\" rowspan=\"3\"><strong>Cardholder data<\/strong><\/td>\n<td style=\"width: 
29.7165%;\">primary account number (PAN)<\/td>\n<td style=\"width: 18.6706%; text-align: center;\">yes<\/td>\n<td style=\"width: 20.7234%; text-align: center;\">yes<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 29.7165%;\">cardholder name<\/td>\n<td style=\"width: 18.6706%; text-align: center;\">yes<\/td>\n<td style=\"width: 20.7234%; text-align: center;\">no<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 29.7165%;\">expiration date<\/td>\n<td style=\"width: 18.6706%; text-align: center;\">yes<\/td>\n<td style=\"width: 20.7234%; text-align: center;\">no<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 29.7165%;\" rowspan=\"3\"><strong>Sensitive authentication data<\/strong><\/td>\n<td style=\"width: 29.7165%;\">full magnetic stripe data<\/td>\n<td style=\"width: 18.6706%; text-align: center;\">no<\/td>\n<td style=\"width: 20.7234%; text-align: center;\">cannot store<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 29.7165%;\">CAV2\/ CVC2\/ CVV2\/ CID<\/td>\n<td style=\"width: 18.6706%; text-align: center;\">no<\/td>\n<td style=\"width: 20.7234%; text-align: center;\">cannot store after authorization, even if encrypted<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 29.7165%;\">PIN\/ PIN block<\/td>\n<td style=\"width: 18.6706%; text-align: center;\">no<\/td>\n<td style=\"width: 20.7234%; text-align: center;\">cannot store<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2><a name=\"training\"><\/a>Training<\/h2>\n<p><a href=\"https:\/\/carleton.ca\/facts\/payment-card-industry-pci-compliance\/\" target=\"_blank\" rel=\"noopener noreferrer\">The Business Office offers mandatory yearly, online training for all merchants accepting credit cards.<\/a><\/p>\n<h2><a name=\"security\"><\/a>Security Incident Response Plan<\/h2>\n<p>The &#8216;<a href=\"https:\/\/carleton.ca\/financialservices\/cardholder-data-security-incident-response-plan\/\" target=\"_blank\" rel=\"noopener noreferrer\">Payment Card Data Security Incident Response Plan<\/a>&#8216;\u00a0is the process to be followed for responding to security incidents 
involving the unauthorized disclosure or modification of cardholder data (as defined by the Payment Card Industry (PCI) Data Security Standard).\u00a0 A security incident is any malicious attempt, either successful or unsuccessful, by an unauthorized party to negatively impact the confidentiality or integrity of cardholder data; any such incident is within scope of this incident response plan.<\/p>\n<h2><a name=\"resources\"><\/a>Resources<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.chase.ca\/en\/support\/protect-your-business\" target=\"_blank\" rel=\"noopener noreferrer\">Chase Paymentech Compliance<\/a><\/li>\n<li><a href=\"https:\/\/www.chase.ca\/en\/support\" target=\"_blank\" rel=\"noopener noreferrer\">Chase Paymentech Merchant Center<\/a><\/li>\n<li><a href=\"https:\/\/www.mastercard.com\/globalrisk\/en\/resources\/pci360.html\" target=\"_blank\" rel=\"noopener noreferrer\">Mastercard Data Security Centre<\/a><\/li>\n<li><a href=\"https:\/\/www.mastercard.com\/global\/en\/business\/overview\/safety-and-security\/trust-center.html\" target=\"_blank\" rel=\"noopener noreferrer\">Mastercard Trust Centre<\/a><\/li>\n<li><a href=\"https:\/\/www.pcisecuritystandards.org\" target=\"_blank\" rel=\"noopener noreferrer\">PCI Security Standards Council<\/a><\/li>\n<li><a href=\"https:\/\/www.canada.ca\/en\/financial-consumer-agency\/services\/credit-fraud.html\" target=\"_blank\" rel=\"noopener noreferrer\">The Government of Canada: Credit Card Fraud\u00a0<\/a><\/li>\n<li><a href=\"https:\/\/www.visa.ca\/en_CA\/run-your-business\/merchant-resources\/merchant-security.html\" target=\"_blank\" rel=\"noopener noreferrer\">Visa Fraud Prevention &amp; Security<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Credit Cards and Payment Card Industry (PCI) Compliance All Carleton University departments that accept credit card payments must process those payments in a manner compliant with the Payment Card Industry Data Security Standard (PCI DSS).\u00a0These requirements were 
developed by the founders of the PCI Security Standards Council which include American Express, Visa International Inc., MasterCard [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":0,"parent":16,"menu_order":2,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_mi_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":"","_links_to":"","_links_to_target":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Credit Cards and PCI Compliance - Financial Services<\/title>\n<meta name=\"description\" content=\"Credit Cards and Payment Card Industry (PCI) Compliance All Carleton University departments that accept credit card payments must process those payments\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/carleton.ca\/financialservices\/business-operations\/credit-cards-and-pci-compliance\/\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/carleton.ca\/financialservices\/business-operations\/credit-cards-and-pci-compliance\/\",\"url\":\"https:\/\/carleton.ca\/financialservices\/business-operations\/credit-cards-and-pci-compliance\/\",\"name\":\"Credit Cards and PCI Compliance - Financial Services\",\"isPartOf\":{\"@id\":\"https:\/\/carleton.ca\/financialservices\/#website\"},\"datePublished\":\"2013-07-10T16:50:50+00:00\",\"dateModified\":\"2025-07-02T15:34:50+00:00\",\"description\":\"Credit Cards and Payment Card Industry (PCI) Compliance All Carleton University departments that accept credit card payments must process those payments\",\"breadcrumb\":{\"@id\":\"https:\/\/carleton.ca\/financialservices\/business-operations\/credit-cards-and-pci-compliance\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/carleton.ca\/financialservices\/business-operations\/credit-cards-and-pci-compliance\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/carleton.ca\/financialservices\/business-operations\/credit-cards-and-pci-compliance\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/carleton.ca\/financialservices\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Business Operations\",\"item\":\"https:\/\/carleton.ca\/financialservices\/business-operations\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Credit Cards and PCI Compliance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/carleton.ca\/financialservices\/#website\",\"url\":\"https:\/\/carleton.ca\/financialservices\/\",\"name\":\"Financial Services\",\"description\":\"Carleton 
University\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/carleton.ca\/financialservices\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Credit Cards and PCI Compliance - Financial Services","description":"Credit Cards and Payment Card Industry (PCI) Compliance All Carleton University departments that accept credit card payments must process those payments","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/carleton.ca\/financialservices\/business-operations\/credit-cards-and-pci-compliance\/","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/carleton.ca\/financialservices\/business-operations\/credit-cards-and-pci-compliance\/","url":"https:\/\/carleton.ca\/financialservices\/business-operations\/credit-cards-and-pci-compliance\/","name":"Credit Cards and PCI Compliance - Financial Services","isPartOf":{"@id":"https:\/\/carleton.ca\/financialservices\/#website"},"datePublished":"2013-07-10T16:50:50+00:00","dateModified":"2025-07-02T15:34:50+00:00","description":"Credit Cards and Payment Card Industry (PCI) Compliance All Carleton University departments that accept credit card payments must process those 
payments","breadcrumb":{"@id":"https:\/\/carleton.ca\/financialservices\/business-operations\/credit-cards-and-pci-compliance\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/carleton.ca\/financialservices\/business-operations\/credit-cards-and-pci-compliance\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/carleton.ca\/financialservices\/business-operations\/credit-cards-and-pci-compliance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/carleton.ca\/financialservices\/"},{"@type":"ListItem","position":2,"name":"Business Operations","item":"https:\/\/carleton.ca\/financialservices\/business-operations\/"},{"@type":"ListItem","position":3,"name":"Credit Cards and PCI Compliance"}]},{"@type":"WebSite","@id":"https:\/\/carleton.ca\/financialservices\/#website","url":"https:\/\/carleton.ca\/financialservices\/","name":"Financial Services","description":"Carleton University","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/carleton.ca\/financialservices\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"acf":{"banner_image_type":"none","banner_button":"no"},"_links":{"self":[{"href":"https:\/\/carleton.ca\/financialservices\/wp-json\/wp\/v2\/pages\/11312"}],"collection":[{"href":"https:\/\/carleton.ca\/financialservices\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/carleton.ca\/financialservices\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/financialservices\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/financialservices\/wp-json\/wp\/v2\/comments?post=11312"}],"version-history":[{"count":6,"href":"https:\/\/carleton.ca\/financialservices\/wp-json\/wp\/v2\/pages\/11312\/revisions"}],"predecessor-version":[{"id":15568,"href":"https:\/\/carleton.ca\/financialservices\/wp-json\/wp\/v2\/pages\/11312\/revisions\/15568"}],"up":[{"embeddable":true,"href":"https:\/\/carleton.ca\/financialservices\/wp-json\/wp\/v2\/pages\/16"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/financialservices\/wp-json\/wp\/v2\/media?parent=11312"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}